Bing Announces New Site Safety Page

, , ,

Bing is working hard to improve user safety. But rather than censoring or blocking sites that Bing deems to be a threat, the search engine is offering extra information so that users can make informed decisions and hopefully avoid sites that may have been compromised.

Bing announced the Bing Site Safety Page this week on the Bing Webmaster Blog. The safety page will show up on search results if Bing has identified a specific site as having a potential safety issue. This means users will receive a warning that a site might have problems and the webmasters will have added incentive to resolve the issues quickly.

Below you can see a screen shot of what the alert will look like and what the full Bing Site Safety Page looks like.

Bing Safety

The Bing Site Safety Page will include information such as how long the issue has existed and when the last scan took place. Webmasters will also have extended information about how to resolve the security issue within Bing Webmaster Tools.

The Bing Safety Page offers:

  • The reason the page is being marked as malicious, e.g. Malicious Javascript, DriveBy Attacks, Malware Network References, etc…
  • The date the infection was first detected
  • How often the URL has been scanned
  • The date the infection was most recently detected

Bing also said they planned on expanding the page further in the near future with more data such as:

  • The total number of URLs detected as malicious on the site
  • The types of malware found
  • The last date of suspicious activity
  • When the site was last scanned
  • Warning trigger rate/ coverage
/0 Comments

A PPC Fraud Ring Impersonated Over 300 Advertisers Before Getting Caught

, , , ,

hijackblogHave you ever had to deal with a sudden significant drop in the effectiveness of your pay-per-click advertising? Usually, those types of issues are the result of a bad change with how you are bidding or possibly the failure to adapt to changes on advertising platforms. However, it could also be the result of a concentrated fraudulent effort, as the discovery of a large PPC fraud ring in May shows.

This wasn’t just an issue of click fraud, either. The newer tactic being deployed by the ring of con artists is both serious and hard to detect. Lori Weiman reported that a PPC fraud ring used a tactic called PPC ad impersonation to pose as over 300 advertisers, as well as how they were brought down.

PPC ad impersonation, also sometimes called URL Hijacking, is when a scammer impersonates an advertiser by using the advertiser’s URL as the display URL in PPC ads. But, the scammer then links the ad to the real advertiser’s site through an unauthorized link such as an affiliate link, a phising link, or a cookie-stuffing URL.

Weiman’s report shows exactly how the most recent large-scale PPC ad impersonation ring was brought down, but the issue is far from resolved. Just as with every form of fraud, there are plenty of others out there willing to fill the place of the group that was recently detected.

Normally, these types of fraud are relatively limited, only affecting about 5% of the effected advertiser’s ads, but the recent attack was so bold that between 20% to 100% of ads being shown for some large companies were fraudulent. It is a worrisome sign for the future of these types of attacks, but thankfully this one was resolved rather quickly.

/0 Comments

Negative SEO is Getting Easier

, , ,

Negative SEONone of the big search engines like to talk about it, but negative SEO has been a problem for years. By Google’s admission, negative SEO has been occurring since 2007 – though they claim it is rare.

As “rare” as negative SEO may be, it has managed to cause serious problems for sits as large as Expedia, and it has been enough of an issue for Google to have to reword their own documentation on the subject.

If you’ve yet to run into any cases of negative SEO, it is a practice of using purposefully bad SEO against a competitor. For example, it is possible to point huge numbers of low-quality links towards a competitor’s site and potentially cause the competitor to be punished by Google’s Penguin algorithm. Penguin is designed to take down sites who build backlink profiles filled with low-quality links in order to cheat the search engine for high rankings.

You would think search engines would be actively trying to fight the possibility of SEO companies using their skills against competitors or former clients, but according to Search Engine Roundtable, it is only getting easier.

Barry Schwartz reported on a conversation occurring over at WebmasterWorld, where a site administrator going by Engine said “negative SEO is now much easier to do than it was prior to google’s latest updates.”

It turns out, the majority of webmasters and SEOs seem to agree. The overwhelming response to the question on WebmaserWorld agreed with Engine’s statement, and over 70% of the respondents to a poll on Search Engine Roundtable sided with those who believe negative SEO is getting easier.

Considering the latest algorithm updates from Google are receiving the majority of the blame for this trend, it isn’t particularly surprising they remain relatively mum on the issue. But, business owners have every right to be concerned. Hopefully, Google’s next big algorithm they unveil will be aimed at protecting innocent webmasters from the “black hat SEOs” who use such destructive practices.

/0 Comments

Is Google Going to Favor Secure Sites in Search Results?

, , , ,
Source: The Search Guru

Source: The Search Guru

Matt Cutts has been urging webmasters to use strong encryption measures on their sites for quite a while, and he has hinted that one day Google may start rewarding those sites in their search results. Google has remained mum on the issue entirely, but there are rumors swirling that Cutts is doubling down and pushing for an algorithm update that would favor secure sites within the company.

At the SMX West conference, Cutts explained why the search engine would benefit from favoring encrypted sites by saying that it would save Google a large amount of time when new security panics occur. According to Time magazine, Cutts is quoted saying, “We don’t have the time to maybe hold your hand and walk you through and show you exactly where it happened.”

It is unclear if these types of changes are likely to be made any time soon, as most sources seem very skeptical. But, in the wake of Heartbleed, one of the most widespread security exploits in history, now would be a reasonable time to increase security guidelines and protocols.

/0 Comments

Google Responds To Mass Hotel Local Listing Hijacking

, ,

Yesterday we reported on the mass hijacking of thousands of Google+ Local listings. In short, over a short period of time a huge number of hotels with business listings for Google Maps and Search. The story was broke open by Danny Sullivan from Search Engine Land, who attempted to track down the source of the spam attack, with no concrete evidence to suggest who the culprit actually is.

While the issue could have a big affect on many businesses it the hotel sector, it is more notable for showing that other attacks could happen in the future. Even worse, no one outside of Google has been able to explain how this could occur, especially with the number of big hotel chains affected. The hotels hit with the spam weren’t mom-and-pop bed and breakfast places. Most of the listings were for huge hotel chains, such as the Marriott hotel shown in the example of a hijacked link below.

If Google does know how this was able to happen, they aren’t telling. In fact, Google has been terribly quiet on the issue. They’ve yet to issue an official public statement, aside from telling Sullivan that he could confirm they were aware of the problem and working to resolve it.

The only direct word from Google on the hijackings is a simple response in an obscure Google Business Help thread from Google’s Community Manager, Jade Wang. If it weren’t for Barry Schwartz’s watchful eye, it is possible the statement would never have been widely seen. Wang said:

We’ve identified a spam issue in Places for Business that is impacting a limited number of business listings in the hotel vertical. The issue is limited to changing the URLs for the business. The team is working to fix the problem as soon as possible and prevent it from happening again. We apologize for any inconvenience this may have caused.

/0 Comments

Google+ Local Listings For Thousands of Hotels Get Hijacked

, , ,

Yesterday, thousands of hotels with Google+ Local listings had their pages manipulated to replace their links to official sites with links leading to third-party booking services. Google+ Local listings are what Google uses to provide local results in Google Maps and Google Search.

It currently appears to be isolated entirely to hotels, and Google has already said they are aware of and fixing the problem, but Danny Sullivan’s research into who is responsible for the hijacking has yet to turn up anything concrete. What we do know is that thousands of listings were changed to point to either RoomsToBook.Info, RoomsToBook.net, or HotelsWhiz.com.

Source: Search Engine Land

Source: Search Engine Land

The problem is, we can’t be sure any of these companies are actually directly responsible. Only one person responded to Sullivan’s inquiries. Karim Miwani, listed on LinkedIn as the director of HotelsWhiz.com, replied saying (sic):

We have recently seen this issue and have reported to Google webmaster already. If you have seen any links please forward it to me and I will submit the request.

Our team is already in the process of blocking list of certain domains and IP addresses from back-linking us.

Thank you for pointing this out if you have any more external domains acting in aboce manner please report it to us on

You can get all the details on the hijacking from Danny Sullivan’s investigative report into the issue, but this event has a broader relevance outside of the hotel industry. The mass hijacking of Google’s local listings suggests their is a security flaw in the Google+ Local listings which needs to be addressed and resolved. It may explain why Google has largely remained mum on the subject aside from confirming that it occurred.

You most likely have nothing to worry about with your own local business’s listings, so long as you don’t work in the hotel industry. However, it could have implications about the future of Google+ Local listings. Either the security flaw that allowed this to happen will be fixed, or issues like these could affect other industries on a larger scale.

Considering how important these listings are to Google Maps and Search, a larger attack could be a serious problem for Google.

/0 Comments

Researchers Find Almost 2 Million Stolen Social Media Passwords Online

, , ,

Hacker Code

Social media users around the world have reason to be concerned as nearly two million login credentials have been found online by security researchers this week. The credentials included those for the largest social media platforms including Facebook, Google, Yahoo, LinkedIn, and Twitter.

Researchers from Trustwave’s SpiderLabs division posted a blog post reporting the information they found online after using the source code of a botnet controller, a controller for a collection of internet-connected programs, called Pony.

With that data the researchers were able to trace information connected to data-stealing capabilities and they discovered a massive collection of passwords from many of the biggest websites and social media services. In total 1.58 million website login details were stolen, along with 320,000 email account credentials, 41,000 FTP logins, and 3,000 Remote Desktop credentials.

The researchers believe the attack came from the Netherlands, based on a proxy server there which was operating as an intermediary between infected machines and the overseeing command-and-control server botnet.

“This technique of using a reverse proxy is commonly used by attackers in order to prevent the command-and-control server from being discovered and shut down. Outgoing traffic from an infected machine only shows a connection to the proxy server, which is easily replaceable in case it is taken down,” they wrote.

“While this behaviour is interesting in and of itself, it does prevent us from learning more about the targeted countries in this attack, if there were any.”

While they were at it, the researchers took the time to analyze the data and see what the most common passwords were. The results are depressingly unsurprising.

The most used password was the standard 123456 password, with 15,820 accounts using the simple code. The second and third most used passwords were variations on this, with 123456789 and 1234 filling the respective slots. ‘Password’ was the fourth most common password, and 12345 came in fifth. Sadly, it seems many will never learn to start using more difficult passwords.

/0 Comments

Lily Collins Is The Most Dangerous Celebrity To Search For

, ,
Lily Collins

Source: Gage Skidmore

Every year innocent and not-so-innocent searchers end up getting infected or attacked by high risk malware attacks which can harm your computer or steal your personal information. How do these people get tricked? It seems innocuous, but searching for your favorite celebrity can put your computer at high risk for attack if you aren’t careful.

To help warn searchers, McAfee puts out a list each year of the most dangerous celebrities to search for. Last year’s ‘winner’ was Emma Watson, but this year earns the designation, likely thanks to her starring role in this years fantasy film adaptation The Mortal Instruments: City of Bones. Watson, on the other hand, has fallen off the list.

McAfee’s announcement read:

Cybercriminals consistently take advantage of consumer interest around award shows, new movies and TV shows as well as the latest cultural trends driven by celebrities. These criminals capitalize on the public’s fascination with celebrity to lure them to sites laden with malware that enables them to steal passwords and personal information. This year, searching for a celebrity name coupled with the search terms “free app download” and “nude pictures” resulted in the highest instances of malware-laden sites.

Avril Lavigne and Sandra Bullock took the second and third spots this year, respectively. Women regularly make up the majority of the list, though some men manage to break into the ranks. This year, Jon Hamm was the only male coming in at number eight. McAfee also said the some of the most dangerous types of searches included:

  • “Lily Collins and free downloads”
  • “Lily Collins and nude pictures”
  • “Lily Collins and fakes”

McAfee also offered some tips for staying safe, especially if you’re going to be looking at this type of content.

Beware of content that prompts you to download anything before providing you the content. You may want to opt to watch streaming videos or download content from official websites of content providers.

“Free downloads” are significantly the highest virus-prone search term. Anyone searching for videos or files to download should be careful as not to unleash malware on their computer.

Always use password protection on your phone and other mobile devices. If your phone is lost or stolen, anyone who picks up the device could publish your information online.

Established news sites may not entice you with exclusives for one solid reason: there usually aren’t any. Try to stick to official news sites that you trust for breaking news. However, trusted sites can also fall prey to hackers. Make sure to use a safe search tool that will notify you of risky sites or links before you visit them.

Don’t download videos from suspect sites. This should be common sense, but it bears repeating: don’t download anything from a website you don’t trust — especially video. Most news clips you’d want to see can easily be found on official video sites, and don’t require you to download anything. If a website offers an exclusive video for you to download, don’t.

Don’t “log in” or provide other information: If you receive a message, text or email or visit a third-party website that asks for your information—credit card, email, home address, Facebook login, or other information—for access to an exclusive story, don’t give it out. Such requests are a common tactic for phishing that could lead to identity theft.

/0 Comments

Can Hacking Get You Blacklisted by Google?

, , ,

By now, the hacker craze of the 90’s and early 2000’s has died down quite a bit. Most people don’t worry about hackers all that much, so long as you use some solid anti-virus and keep your router protected. Big businesses may have to worry about Anonymous’ hi jinks, but the common person don’t tend to concern themselves with the issue. Hacking especially doesn’t seem like that big of an issue for SEO, at first.

But, hackers can actually do your site some damage, and can even get your site entirely dropped from the Google search index. Sites get blacklisted when hackers inject malicious code onto servers, as Google seeks to protects searchers’ computers from any sort of compromising.

While Google doesn’t immediately drop sites from their index, being blacklisted leads to a complete drop in organic traffic and can be a crisis for SEO. Blacklisting starts as a warning to searchers that a site may be compromised, and few will continue past that alarm.

This has become a rather significant problem for Google. To help provide wide support for the increasing number of webmasters dealing with compromised servers, Google has launched the ‘Webmasters Help for Hacked Sites‘ support center. They give detailed information on how to clean and repair your server and prevent your site from getting entirely dropped from the Google index.

If you think this sort of hacking isn’t a big deal, check out the charts below. They show just how frequent this type of malicious activity has become. It isn’t just banks and large corporations dealing with it. Small businesses are just as at risk as international franchises. The most common form of attack is an automated set of processes that indiscriminately discover and exploit vulnerabilities on servers, which are often left completely unprotected.

Search Engine Journal recently explored the issue more in depth, unpacking why the issue is such a large concern to Google and webmasters alike. Compromised sites can destroy a search engine’s credibility just as your own, so the problem has to be taken very seriously.

/0 Comments

Who Is The Most Dangerous Celebrity To Search For?

, ,

McAfee’s Most Dangerous Celebrities Study results have been released for this year and the news is bad for Harry Potter fans. Emma Watson is the most dangerous celebrity to search for.

The title was held by Heidi Klum last year, but she has dropped off of the list. Searching Watson’s name has a 12.6 percent chance to leading to dangerous sites that offer spyware, adware, viruses and all other sorts of dubious content.

Also of note in this years’ list is the lack of men. The entire top ten are female. The only man to appear in the top 20 is Jimmy Kimmel, who was ranked number 13. Last year only two men appeared on the list.

The message is clear; if you’re searching a female celebrity, be careful what you click on.

 

For more information, read Matt Mcgee’s article at Search Engine Land.

/0 Comments